Re: How do i make Windows DHCP work with VLANs

Donald Bietschek · ‎12-02-2013

Hi Everybody,

I am studying for Cisco and Microsoft certifications and I am doing a practical bit in my own home network.

Here is the scoop, I have 3 Cisco rack mounted routers and 3 Cisco rack mounted switches. I also have a Windows 2012 Server running ADDS, DHCP, and DNS.

I have created 6 DHCP scopes which are as follows:

	Server Pools
ADMINISTRATION	10.227.220.1	10.227.220.100
BEDROOM	10.227.221.1	10.227.221.100
KITCHEN	10.227.222.1	10.227.222.100
BATHROOM	10.227.223.1	10.227.223.100
LIVINGROOM	10.227.224.1	10.227.224.100
WIRELESS	10.227.225.1	10.227.225.100

Basically what I want to happen is all of the switches, routers, and servers to get an address from the ADMINISTRATIVE pool. And for example if I plug a computer into the living room I want it to get an IP Address between 10.227.224.1 - 100 and the bedroom devices to get an address from the bedroom pool etc etc.

One of my admin friends told me to give VLANs a try. Is my buddy correct? Would VLANs be the best way to accomplish this, if so when I activate the scopes on the Windows server how do I get the VLANs to pass out addresses from the Windows DHCP server, I am having trouble understanding how the DHCP server and the VLANs are supposed to talk to each other and how to set that up. And last, how would i wire this physically, where would i plug in the DHCP server etc etc.

Any help would be appreciated, even a point in the right direction.

Thanks,

Donnie

mahmoodmkl · ‎12-02-2013

Hi,

Yes vlans is the way to go.

Before we proceed further could you list what is th model of the switches which you have.

Assuming that you have L3 capable switches you need to create vlans on your switches.

After the vlans are created you need to create a svi for each vlan on the L3 capable switch which will route between your vlans.Define ip helper-address (ip address of your dhcp server) under each SVI.

And paralelly you need to create the DHCP Scopes on your windows server coressponding to each vlan.

Please let us know if you have any further questions.

Thanks

dodi_forever_2003 · ‎12-03-2013

Hi Donald,

You should use subnetting with the proper prefix /24 so we can use a VLAN for each subnet and those VLANs will communicate through InterVLAN routing configued on the Multilayer Switch so you should have at least one Multilayer switch and you can use only one Router and no need for the other 2 Routers.

Regarding the DHCP, it assign IPs for clients but for Routers and Switches, you have to configure them manually for every Router port (if you will use more than one) and for every SVI on switches.

For every Interface VLAN you have to add a DHCP Relay to relay the (Discover, Offer, Request and Ack) packets between the clients and the DHCP server to assign a proper IP address for every client from the proper scope.

Description	Subnet	VLAN
Administration	10.227.220.0/24	100
Bed	10.227.221.0/24	200
Kitchen	10.227.222.0/24	300
Bath	10.227.223.0/24	400
Living	10.227.224.0/24	500
Wireless	10.227.225.0/24	600

The design will be as shown below:

Multilayer Switch Configuration:

ip routing

!
interface Vlan100
description Administration
ip address 10.227.220.254 255.255.255.0

!

interface Vlan200
description Bed-Room
ip address 10.227.221.254 255.255.255.0

ip helper-address 10.227.220.200 #This is the DHCP Server IP Address existing in VLAN 100
!
interface Vlan300
description Kitchen
ip address 10.227.222.254 255.255.255.0
ip helper-address 10.227.220.200

!

interface Vlan400
description Bathroom
ip address 10.227.223.254 255.255.255.0
ip helper-address 10.227.220.200

!

interface Vlan500
description Living-Room
ip address 10.227.224.254 255.255.255.0
ip helper-address 10.227.220.200
!

interface Vlan600
description Wireless
ip address 10.227.225.254 255.255.255.0

ip helper-address 10.227.220.200

interface FastEthernet 0/1
description DHCP-Server
switchport mode access
switchport access vlan 100

interface GigabitEthernet 0/1 #Multilayer switch port connected to Switch-1

switchport mode trunk

switchport trunk allowed vlan all

interface GigabitEthernet 0/2 #Multilayer switch port connected to Switch-2

switchport mode trunk

switchport trunk allowed vlan all

Switch-1 Configuration:

interface GigabitEthernet 0/1 #Switch 1 port connected to Multilayer switch

switchport mode trunk

switchport trunk allowed vlan all

interface FastEthernet 0/1 #Switch 1 port connected to a user in the Bed Room

description Bed-Room User

switchport mode access

switchport access vlan 200

interface FastEthernet 0/2 #Switch-1 port connected to a user in the Kitchen

description Kitchen-User

switchport mode access

switchport access vlan 300

Switch-2 Configuration:

interface GigabitEthernet 0/1 #Switch-2 port connected to Multilayer switch

switchport mode trunk

switchport trunk allowed vlan all

interface FastEthernet 0/1 #Switch-2 port connected to a user in the Bath Room

description Bath-Room User

switchport mode access

switchport access vlan 400

interface FastEthernet 0/2 #Switch-2 port connected to a user in the Kitchen

description Kitchen-User

switchport mode access

switchport access vlan 500

interface FastEthernet 0/3 #Switch-2 port connected to a Wireless user

description Wireless-User

switchport mode access

switchport access vlan 600

For Microsoft Server side:

Be sure that you installed the DHCP Server Role, and the DHCP server is authorized to assign TCP/IP configuration for the clients, and activate the scopes as well, and configure a static IP address for the DHCP server with the IP 10.227.220.200/24 and Default-Gateway 10.227.220.254.

Scope	Start-IP	End-IP	Default-Gateway
Scope-1	10.227.220.1	10.227.220.100	10.227.220.254
Scope-2	10.227.221.1	10.227.221.100	10.227.221.254
Scope-3	10.227.222.1	10.227.222.100	10.227.222.254
Scope-4	10.227.223.1	10.227.223.100	10.227.223.254
Scope-5	10.227.224.1	10.227.224.100	10.227.224.254
Scope-6	10.227.225.1	10.227.225.100	10.227.225.254

Regards,

Khaled Omar

Regards, Khaled Omar "Please don't forget to rate useful posts"

muhd.shafeeque · ‎10-21-2015

Thank you very much

I also had the same problem, u solved it

thank you so much

Muhammed Shafeeque

chunhaolo · ‎04-18-2016

Hi Khaled,

Thank you for your instructions as you clear my confusion as well. I have one question though, assuming these configurations have been set up correctly, how would you connect the home network to the Internet physically so one of the PCs let's say on Switch 1 can surf on the Internet? If we use a router (e.g., using Cisco 2801) that is connected to the ISP router, how should the wiring and configuration be set up on the Cisco 2801? Do we use the T1 DSU/CSU port to connect to the ISP router? Should we use a straight-through or crossover cable to connect them?

Your further instruction is much appreciated in advance!

Thank you,

Thomas

balmathhaji · ‎05-26-2016

I also had the same problem, u solved it

thank you so much

BEST REGARDS

-----------------------------------------

Bassam ALmathhaji

Network & Security Administrator

ghyacin · ‎01-07-2017

Hey Khaled

I have pretty much the same setup only I have a 2650 router with a 16 port etherswitch module installed. All my devices can receive IP addresses from the DHCP server but the devices cannot communicate between vlans.

I have researched inter-vlan and bridge-group to no avail, the only documentation I can find is for a separate router and switch setup. Can you help with the above issue?

my current config info is here:

https://supportforums.cisco.com/discussion/13196711/how-inter-connect-vlans-cisco-router-etherswitch-installed-nm-16esw#comment-11798426

Thanks

Ashish Gusain · ‎11-27-2018

Thanks Omar, its help.

Sachin.ravatnav@gmail.com · ‎11-27-2018

Yes we can first you have to install DHCP server on windows then you can
create different different interface for different vlan help of windows
teaming .

Arshaad Adams · ‎09-28-2022

Greetings Khaled

Thanks for all you did on this.

It solved my problem.

Regards
Arshaad

Donald Bietschek · ‎12-10-2013

I have 3 WS-C2950-24 Switch for the routers I have a 2610 and two 2620's

And thanks a bunch Khaled Omar for all the information it really put me on the correct track.

Sent from Cisco Technical Support Android App

devils_advocate · ‎12-11-2013

As mentioned, VLANS in the primary way to achieve this.

Your 2950 switches are Vlan capable but they are not cable of routing between those Vlans so you will need to use one of the routers for that.

My suggestion would be to setup a Router on a Stick scenario by following this guide.

Link

Effectively you would

Create 6 Layer 2 Vlans on one of your 2950 switches.
Provision a trunk port on the 2950 switch which will connect to a port on the Router
Setup the same L2 Vlans on the Router and then create a subinterface for each of these Vlans with the IP address being the Default Gateway for the clients in each Vlan.
Add a Helper address to each subinterface which points to the IP addres of the DHCP server.
Move ports on the 2950 into the Vlans you want them to be part of.

For Example.

Vlan 10 would be for ADMINISTRATION - Its Subnet would be 10.227.220.0 /24.

Once you have created Vlan 10 on the 2950, you would create a subinterface (following the guide posted above) on the router for this Vlan and give it an IP address such as 10.227.220.1 which would become the default gateway for all the clients in this Vlan.

So assuming everything was setup correctly, you would plug a PC into Port X of the switch (this port would be in Vlan10) and the device would 'Broadcast' a DHCPDISCOVER message. This message would go to every host in Vlan10 (because your switchport is in Vlan10) which would include the Subinterface on the Router. As this subinterface is configured with a 'Helper Address', the message would be forwarded onto this address (i.e the DHCP server) and an address would be assigned from the ADMINISTRATION Pool.

As the DHCPDISCOVER message is forwarded on by the Subinterface, the DHCP server knows that it came from 10.227.220.1 (the subinterface) so knows to assign an address from the corresponding pool.....if that makes sense?

Donald Bietschek · ‎12-11-2013

Yep it all makes sense thanks everybody for all your help :-)

Sent from Cisco Technical Support Android App

Sachin.ravatnav@gmail.com · ‎07-18-2018

For that you have create vlan interface on Windows server by using teaming then you can add vlan id .

atamullayevh · ‎02-20-2024

Hello everyone, I have this situation, I have a Windows server 2012r and a Cisco Catalyst 3650. I tried everything to distribute an IP address to several vlans via DHСP, but my server distributes only to one of its vlans. I connected the server to the switch as Access. I have about 50 vilans.

Can anyone help me deal with this situation?